21 million decrypted Gmail & 5 million yahoo accounts being sold on Dark Web

Last week HackRead exclusively reported on a Darb Web vendor “SunTzu583” selling millions of decrypted Gmail, Yahoo and PlayStation Network accounts. Now, the same vendor is offering a trove of data containing more of Gmail and Yahoo accounts with decrypted passwords.


The total number of Gmail accounts being sold are 4,928,888 which have been divided into three different listings. All three listings contain 2,262,444 accounts including emails and their clear text passwords.

In the description of these listings, SunTzu583 has mentioned that “Not all these combinations work directly on Gmail, so don’t expect that all these email and passwords combinations work on Gmail.”

After scanning the sample data on Hacked-DB and Have I been pwned we found out that these accounts have been collected from different data breaches including LinkedIn in which 117 million accounts were leaked, Adobe breach in which 153 million accounts were stolen and Bitcoin Security Forum in which 5M Gmail passwords. However, most of the accounts have been taken from the above mentioned Bitcoin Security Forum breach.

Screenshot of all Gmail listings on a dark web marketplace

The second and separate listing shows the vendor is selling additional 21,800,969 Gmail accounts in USD 450.48 (BTC 0.4673) where according to their claim 75% accounts contain decrypted passwords while 25% passwords are hashed.

Upon scanning, HackRead can confirm that the data has been stolen from various data breaches including Nulled.cr breach in May 2016, in which 599,000 user accounts were leaked, MPGH.net breach from 2015, in which 3.1 million users accounts were disclosed, Dropbox breach in which 68 million accounts were stolen in 2012, and leaked in 2016.

Screenshot of Gmail listing on a dark web marketplace

Yahoo data

Yahoo is already under criticism for its poor security implementations allowing hackers to breach company’s servers and steal a trove of user data. Last week, Yahoo accused three Russians and one Canadian hacker of stealing 500 Million accounts in 2014. Before that, hackers also took 1 billion Yahoo user accounts in 2013, while criticism on the company for developing spying software for NSA was another big scandal.

To bring more embarrassment for the Internet giant, SunTzu583 is selling 5,741,802 Yahoo user accounts. The listings have been divided into three parts with each of them containing 1,912,659 accounts while the total price set for the database is USD 250.48 (BTC 0.2532).

Screenshot of all Yahoo listings on a dark web marketplace

SunTzu583 claims that each listing contains unique accounts however after scanning the sample data, we found the majority of accounts were disabled while some were still working and stolen from MySpace, LinkedIn, and Adobe data breaches. SunTzu583 maintains that “Not all these combinations work directly on Yahoo, so don’t expect that all these email and passwords combinations work on Yahoo.”

What Gmail and Yahoo users should do

For the last couple of years, there has been an increase in social engineering attacks in which hackers scan for old passwords from previous data breaches and try to login with existing accounts on every possible platform. In this case, if the user hasn’t changed their password the attackers can easily steal the targeted account, for example, OurMine hacking group using old passwords from LinkedIn and MySpace breaches and hacked Mark Zuckerberg‘s Twitter account, Google CEO’s Sundar Pichai’s Twitter and Quora accounts and several other accounts of celebrities and bosses of Internet giants.

Therefore keep the events mentioned above in mind and change your password in case you haven’t done that for a while. Also, change passwords on other sites in case your Gmail or Yahoo accounts have the same passwords as on social media or sites you login into frequently.

Editor’s note:

At HackRead we are strictly against selling users account over the Internet – We as a publication or individuals have no connection with dark web vendors, and no accounts were ever accessed during the scanning process we performed.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts